A vulnerability classified as critical was found in Project Worlds Online Time Table Generator 1.0. Affected by this vulnerability is an unknown functionality of the file /timetable/staff/staffdashboard.php?info=updateprofile. The manipulation of the argument n leads to sql injection. The attack can be launched remotely.
References
Link | Resource |
---|---|
https://github.com/jadu101/CVE/blob/main/project_worlds_online_time_table_generator_update_profile_sqli.md | Exploit |
https://vuldb.com/?ctiid.282007 | Permissions Required |
https://vuldb.com/?id.282007 | Permissions Required |
https://vuldb.com/?submit.432372 | Third Party Advisory |
Configurations
History
31 Oct 2024, 01:23
Type | Values Removed | Values Added |
---|---|---|
First Time |
Projectworlds online Time Table Generator
Projectworlds |
|
CPE | cpe:2.3:a:projectworlds:online_time_table_generator:1.0:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 6.5
v3 : 8.8 |
References | () https://github.com/jadu101/CVE/blob/main/project_worlds_online_time_table_generator_update_profile_sqli.md - Exploit | |
References | () https://vuldb.com/?ctiid.282007 - Permissions Required | |
References | () https://vuldb.com/?id.282007 - Permissions Required | |
References | () https://vuldb.com/?submit.432372 - Third Party Advisory | |
Summary |
|
28 Oct 2024, 13:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-28 13:15
Updated : 2024-10-31 01:23
NVD link : CVE-2024-10447
Mitre link : CVE-2024-10447
CVE.ORG link : CVE-2024-10447
JSON object : View
Products Affected
projectworlds
- online_time_table_generator
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')